This invention relates to on-line entry control systems and more particularly relates to a novel and improved interactive method and system for tracking and maintaining keys or other entry control devices in a reliable and secure manner. The invention generally relates to, and may be implemented in, systems and methods as disclosed in U.S. patent application Ser. No. 09/925,672, filed on Aug. 10, 2001 (the '672 application), the disclosure of which is hereby fully incorporated by reference herein.
Key management programs have been in existence for many years. First came the invention of pin tumbler lock cylinders that gave security professionals the ability to alter the internal configuration of the pins inside the cylinder and cut related keys to that combination in order to effect a change in Users having access to a particular Location. Following that invention came the development of interchangeable cores that allowed program managers to physically move the Location of an existing lock cylinder to a different Location and thus again achieve the ability to control the access of Users into various Locations.
Initially, program managers began seeking control over the ability to duplicate keys and thus minimize the inherent security breach of five keys turning into six keys without proper authority. Manufacturers in the industry focused attention on various forms of restricting access to key blanks in order to offer program managers the confidence that keys could not be duplicated without a program manager's specific approval.
InstaKey Lock Corporation of Denver, Colo. previously devised a lock cylinder that permits authorized Users to re-key each lock when necessary. For example, when a key is lost or stolen, it is necessary only to insert a replacement key into the lock, turn it 180 degrees and remove it along with a wafer from the lock cylinder's pinning. Upon removal of the wafer, only new keys matched to the replacement key will now open the lock. Such a rekeying operation is hereinafter referred to as a “step change.” The operation can be repeated a preset number of times depending upon the number of wafers in the cylinder that are removable by different replacement keys and then the cylinder can be easily re-pinned through another designed sequence of steps.
Independent levels of master keying can be incorporated into the re-keyable lock cylinder as described so that User level keys (also referred to as change keys) can be changed without affecting master keys and vice-versa; also, only the people directly affected by the missing key need to receive new keys thereby avoiding a situation where a manager could end up with a number of keys resulting from changes in several User doors for which he or she is responsible. Different levels of security have been incorporated into the system described including (1) making key blanks available only through authorized sources; and (2) placing a serial number on each key to permit tracking of all keys within a system so that, if a key is found or returned, it can be determined whether it is the one believed to have been missing and whether there is a need to re-key.
The foregoing is given more as a setting for the present invention and is merely representative of various types of entry control devices conformable for use in a secure, online entry control system. However, utilizing a lock cylinder of the type described with the ability to rekey each cylinder and to track the identity and whereabouts of each key lent itself particularly well to use in combination with a computer program which enabled a customer to establish its own database for tracking and maintaining its keys and limiting access to one or more Locations by selected Users. One such program is described in the Records Management System Manual of InstaKey Lock Corporation, Englewood, Colo. and is incorporated by reference herein. Nevertheless, there is a continuing need for a data processing system which is capable of using the Internet and/or intranet in conjunction with a relational database in monitoring and recording the information flow and data related to an access control system so that immediate attention and correction can be given to a problem that may arise virtually at any time in different parts of the world. More specifically, there is a continuing need for a data processing system to dynamically link entry control devices, such as, a key to Users to Locations such that access to each Location is controlled and known on a real time basis. In providing such a system, it is important that the data processing system be capable of maintaining current and historical data on each of the three primary components (Devices, Locations and Users) so that the complete history of any component is accessible to authorized Users and complete security is established in order to control access to specific data and information on a “need-to-know” basis.
Many lock systems have the ability to be “re-keyed.” In other words, the lock cylinder may be reconfigured so that a differently configured key will operate the lock when, for example, the original key (or a previously operative key) is lost or stolen. Each potential reconfiguration of the cylinder may be regarded as a “step.” Only one step at a time is considered to be the active step, i.e., the step that is currently in use. For any particular lock there may be past steps which are considered deactivated and future steps which are yet to be activated. For various reasons, it would be helpful for users to be able to determine whether there is a conflict in the information stored in the database regarding the steps. This would allow the user to determine and properly maintain the status of its keys and associated lock or locks.
The '672 patent application provides an interactive method and system for tracking and maintaining access to Locations by selected users in a reliable and secure manner. In general, a method and system of the type disclosed in the '672 application provides a data processing system and method enabling immediate data manipulation from local and/or remote geographic locations by an authorized user through the use of digital communications to one or more databases. The system protects this security data by limiting access to the data, for example, over the internet or a more localized intranet or network to authorized users in variable degrees. Generally, an entry or access control Device, such as a lock, is assigned to a particular secured Location. The security control system disclosed in the '672 application can generally comprise a plurality of databases with each database defining a predetermined level of access to the secured Location. A password may be assigned to each user in accordance with a specified level of security assigned to that user. Each of the databases have one or more functions selectable by each user according to the capabilities allowed under the user's password.